Severe Skype Exploit Discovered, Password Resets Disabled to be Safe (Updated)

Password recovery tools fill a very useful place in today’s login-crazy Web, but the helpful boon has turned into a hindering bane for Skype users. For at least two months, hackers have known, and presumably been using, a flaw in Skype’s password recovery tool that allowed anyone to easily take control of any account if they knew its associated email address.

The Next Web successfully managed to recreate the exploit, which was first published on a Russian forum. After performing a few simple steps and sending a password reset token request to the Skype app itself rather than the owner’s inbox, the website was able to seize control of its editor’s Skype account within minutes. TNW successfully repeated the vulnerability with several other accounts.

Fortunately, Skype and Microsoft leaped right on top of the vulnerability after The Next Web shined a light on the issue. Shortly after the article aired, Skype sent out the following statement:

We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.

The headache comes at a bad time for the communication service, which recently rolled out a new Skype for Windows 8 app as well as a Windows Phone 8 preview.

Update 1:52 P.M. EST: Well, that was fast. Skype just reached out to let us know that the vulnerability has been fixed and the service’s password reset options are up and running once again. Read the brief details here.


  1. Tifini Says:

    Thanks for the article. We all need to be more proactive about our personal account security. In my opinion if they had Two-Factor authentication available this would not be a problem. Maybe now since Microsoft bought a 2FA company they will start offering 2FA in more of their products giving us the option to telesign into our account with a text message with a specific code to be entered into the system.
